This preview shows page 1. Sign up to view the full content.
Unformatted text preview: Keyword
Brief Full Advanced Search Search Tips (Publisher: John Wiley & Sons, Inc.) Author(s): Bruce Schneier ISBN: 0471128457 Publication Date: 01/01/96 Search this book:
Go! Previous Table of Contents Next
 Carol’s public key is e, her private key is d, and the RSA modulus is n. (1) Alice and Bob agree on a random k and an m such that km a e (mod n) They should choose the numbers randomly, using a coinflip protocol to generate k and then computing m. If both k and m are greater than 3, the protocol continues. Otherwise, they choose again. (2) Alice and Bob generate a random ciphertext, C. Again, they should use a coinflip protocol. (3) Alice, using Carol’s private key, computes M = Cd mod n She then computes X = Mk mod n and sends X to Bob. (4) Bob confirms that Xm mod n = C. If it does, he believes Alice. A similar protocol can be used to demonstrate the ability to break a discrete logarithm problem [888]. ZeroKnowledge Proof that n Is a Blum Integer
There are no known truly practical zeroknowledge proofs that n =pq, where p and q are primes congruent to 3 modulo 4. However, if you allow n to be of the form prqs, where r and s are odd, then the properties which make Blum integers useful in cryptography still hold. And there exists a zeroknowledge proof that n is of that form. Assume Alice knows the factorization of the Blum integer n, where n is of the form previously discussed. Here’s how she can prove to Bob that n is of that form [660]. (1) Alice sends Bob a number u which has a Jacobi symbol 1 modulo n. (2) Alice and Bob jointly agree on random bits: b1 , b2 , ..., bk. (3) Alice and Bob jointly agree on random numbers: x1 , x2 , ..., xk. (4) For each i = 1, 2,..., k, Alice sends Bob a square root modulo n, of one of the four numbers: xi, xi, uxi, uxi. The square root must have the Jacobi symbol bi. The odds of Alice successfully cheating are one in 2k. 23.12 Blind Signatures
The notion of blind signatures (see Section 5.3) was invented by David Chaum [317,323], who also invented their firs...
View
Full
Document
This note was uploaded on 10/18/2010 for the course MATH CS 301 taught by Professor Aliulger during the Fall '10 term at Koç University.
 Fall '10
 ALIULGER
 Cryptography

Click to edit the document details